[Mimedefang] Weird issue
Kees Theunissen
theuniss at rijnh.nl
Wed Jun 23 15:54:07 EDT 2010
On Wed, 23 Jun 2010, George Roberts wrote:
>OK, I'm having a weird issue and I just can't seem to figure it out for the life of me.
>
>In filter_begin, I read the HEADERS file:
>
># In the HEADERS file, any multiline headers have been rewritten to
># be one line. Received: is a typical example. So here we do not
># need to worry about continuation lines.
>#
># Where there are multiple headers with the same name, what we do
># here will overwrite and end up with the data for the last one.
># If we want to collect them all we make a list like @Received.
>
>my $username, $domain;
>
>%Headers = ();
As others stated already: You need to clear global variables.
Here you clear the global variable %Headers (mark the "s" in the name).
Everywhere else in the code you supplied you're using a hash named
%Header (without the "s").
>
>if (open(IN,"<./HEADERS")) {
> while(<IN>) {
> chomp;
> if (/.* for <(.*)@(.*)>/g) {
> $username = $1;
> $domain = $2;
> }
> if (/^(\S+): (.*)/) {
> my $label = $1;
> my $data = $2;
> $label = lc($label);
> $Header{$label} = $data;
Such as here, in line above.
> if ($label eq 'received') {
> push(@Received,$data);
> }
> }
> }
>}
>close(IN);
>
>$Header is global hash.
>
>In filter_end, I do this:
>
In the next line you're testing an "x-purity-verdict" left over from some
previous message if the current message didn't contain such a header.
>if ($Header{'x-purity-verdict'} =~ /spam/) {
> md_syslog('warning', 'Redirecting to quarantine - Engine verdict: ' . $Header{'x-purity-verdict'});
>
> foreach my $rec (@Recipients) {
> delete_recipient($rec);
> }
> add_recipient("quarantine\@cleveland.ijnet.net");
>}
>
>That code is checking to see if another milter, our antivirus engine, has
>added a header called X-Purity-Verdict to the message and if its value is
>"spam". It then removes the recipients and redirects the message to our
>quarantine address.
>
>That all works fine when the header is there and says "spam" ... sometimes,
>though, when a message DOESN'T have the header, the code deletes all the
>recipients and redirects to quarantine anyway, without ever puttin in the syslog entry:
>
>Jun 23 04:27:10 death purity[662]: MDLOG,o5N9R9GR005379,mail_in,,,<emailreceipts at authorize.net>,<groberts at interjuncture.com>,Merchant Email Receipt
>Jun 23 04:27:10 death sendmail[5379]: o5N9R9GR005379: Milter delete: rcpt <groberts at interjuncture.com>
>Jun 23 04:27:10 death sendmail[5379]: o5N9R9GR005379: Milter add: rcpt: quarantine at cleveland.ijnet.net
>Jun 23 04:27:10 death sendmail[5379]: o5N9R9GR005379: Milter accept: message
>
>I'm just confused how it could even get to that code without putting in
>the log line and what I need to do to fix this. Our engine is properly
>diagnosing when something is spam, but our mimedefang filter is sending
>it to quarantine anyway even when it's not. :) Any thoughts?
Are you really sure about the missing log line? It could be located
somewhere else in the log file. Depending on the value of the
left over $Header{'x-purity-verdict'} from some previous message
it could be possible that you just don't recognize the log line as
belonging to this message.
Did you grep for _all_ lines containing the queue-id "o5N9R9GR005379"?
You only showed some of them.
Best regards,
Kees.
--
Kees Theunissen
F.O.M.-Institute for Plasma Physics Rijnhuizen, Nieuwegein, Netherlands
E-mail: theuniss at rijnh.nl, Tel: (+31|0)306096724, Fax: (+31|0)306031204
More information about the MIMEDefang
mailing list